Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Key Fob Hack Allows Attackers To Unlock Millions Of Cars

Researchers claim a hack of Volkswagen’s keyless entry systems leave millions of cars vulnerable to attack by an “unskilled adversary.”

Academic researchers added another hack to a growing list of compromises involving vehicles, and this one should give drivers pause the next time they leave valuables locked in their trunk.

This hack involves millions of Volkswagen, Ford and Chevrolet vehicles that rely on an outdated key fob technology, which creates an opportunity for even an “unskilled adversary” to get past a car’s keyless entry system to unlock it.

“Our findings affect millions of vehicles worldwide and could explain unsolved insurance cases of theft from allegedly locked vehicles,” according to a technical paper describing the hack (PDF) . The researchers, Flavio D. Garcia, David Oswald, Timo Kasper and Pierre Pavlidès, are scheduled to discuss the research at the USENIX Security Symposium, in Austin, TX this week.

Volkswagen, reached by the Reuters news agency, did not dispute the claim and said its, “current vehicle generation is not afflicted by the problems described.”

The researchers purposely omitted some technical details, but said keyless entry systems can be hacked using inexpensive technical devices. “For our analyses, we used various devices, including Software-Defined Radios (SDRs) (HackRF, USRP, rtl-sdr DVB-T USB sticks) and inexpensive RF modules. Our simple setup which costs $40, is battery powered, can eavesdrop and record rolling codes, emulate a key, and perform reactive jamming.”

The attack exploits two vulnerabilities; one allows an attacker to unlock nearly every model VW made since 1995, according to researchers, while the other technique impacts key fobs used with Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot vehicles.

Both hacks use a modified Arduino radio device within a 300-foot radius of the targeted vehicle to intercept codes from a car’s key fob. The first involved using the eavesdropping device to recover a fixed global set of cryptographic keys used in all VW cars. Using the Arduino, researchers said they only needed to eavesdrop once while someone opened their car with a key fob to crack the code.

The second vulnerability is tied to a weaknesses in the key fob’s cryptographic scheme called HiTag2. Researchers were able to easily crack the HiTag2 crypto system because of what they said were flaws in the algorithm. Using the Arduino radio device, researchers intercepted eight key codes used in a rolling code pattern by the key fob to open the door. “On average, our attack implementation recovers the cryptographic key in approximately 1 minute computation, requiring a few eavesdropped rolling codes (between 4 and 8),” the researchers wrote.

Car hacking experts say that lax or non-existent security with Volkswagen’s key-fob technology is endemic of the entire auto industry. “Volkswagen is far from alone. In virtually every system that we have looked at, we see automakers guilty of some variants of Volkswagen’s problem. They are either reusing keys, relying on hard-coded credentials or leaving systems with developer backdoors still enabled,” said Corey Thuen, senior security consultant with IOActive that recently published a report on car security.

Researchers say the necessary equipment to perpetrate above hacks are widely available at low cost, and are also sold as black box kits on underground markets. “The attacks are hence highly scalable and could be potentially carried out by an unskilled adversary,” they conclude.

The bad news is any retro-fix to the problem will be extremely difficult, Thuen said. “The fix is non-trivial requiring an update to tens of millions of components affected by this. Volkswagen’s biggest mistakes were demonstrating a lack of understanding and lack of effort for property implementing cryptography.” He added that car maker’s such as Volkswagen should never have the assumption that the data in their devices is unattainable.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.